Export limit exceeded: 75114 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75114 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4740 | 1 Redhat | 1 Multicluster Engine | 2026-04-07 | 8.2 High |
| A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This enables cross-cluster privilege escalation and may allow an attacker to gain control over other managed clusters, including the hub cluster. | ||||
| CVE-2026-35470 | 1 Devcode | 1 Openstamanager | 2026-04-07 | 8.8 High |
| OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $_GET['righe'] is directly concatenated into an SQL query without any sanitization, parameterization or validation. An authenticated attacker can inject arbitrary SQL statements to extract sensitive data from the database, including user credentials, customer information, invoice data and any other stored data. This vulnerability is fixed in 2.10.2. | ||||
| CVE-2026-35405 | 2026-04-07 | 7.5 High | ||
| libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique namespaces in a loop and the server happily accepts every single one allocating memory for each registration with no pushback. Keep doing this long enough (or with multiple sybil peers) and the server process gets OOM killed. This vulnerability is fixed in 0.17.1. | ||||
| CVE-2026-35395 | 1 Labredescefetrj | 1 Wegia | 2026-04-07 | 8.8 High |
| WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The id_memorando parameter is extracted from $_REQUEST without validation and directly interpolated into SQL queries, allowing any authenticated user to execute arbitrary SQL commands against the database. This vulnerability is fixed in 3.6.9. | ||||
| CVE-2026-35187 | 1 Pyload | 1 Pyload | 2026-04-07 | 7.7 High |
| pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parse_urls API function in src/pyload/core/api/__init__.py fetches arbitrary URLs server-side via get_url(url) (pycurl) without any URL validation, protocol restriction, or IP blacklist. An authenticated user with ADD permission can make HTTP/HTTPS requests to internal network resources and cloud metadata endpoints, read local files via file:// protocol (pycurl reads the file server-side), interact with internal services via gopher:// and dict:// protocols, and enumerate file existence via error-based oracle (error 37 vs empty response). | ||||
| CVE-2026-35182 | 1 Ajax30 | 1 Bravecms-2.0 | 2026-04-07 | 8.8 High |
| Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to change account roles and promote themselves to Super Admin. This vulnerability is fixed in 2.0.6. | ||||
| CVE-2026-35164 | 1 Ajax30 | 1 Bravecms-2.0 | 2026-04-07 | 8.8 High |
| Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies entirely on user input. This allows an authenticated user to upload executable PHP scripts and gain Remote Code Execution. This vulnerability is fixed in 2.0.6. | ||||
| CVE-2026-35043 | 1 Bentoml | 1 Bentoml | 2026-04-07 | 7.8 High |
| BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates system_packages directly into a shell command using an f-string without any quoting. The generated script is uploaded to BentoCloud as setup.sh and executed on the cloud build infrastructure during deployment, making this a remote code execution on the CI/CD tier. This vulnerability is fixed in 1.4.38. | ||||
| CVE-2026-35036 | 1 Lin-snow | 1 Ech0 | 2026-04-07 | 7.5 High |
| Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview (editor fetches a page title) through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts a fully attacker-controlled URL, performs a server-side GET, reads the entire response body into memory (io.ReadAll). There is no host allowlist, no SSRF filter, and InsecureSkipVerify: true on the outbound client. Anyone who can reach the instance can force the Ech0 server to open HTTP/HTTPS URLs of their choice as seen from the server’s network position (Docker bridge, VPC, localhost from the process view). This vulnerability is fixed in 4.2.8. | ||||
| CVE-2026-34783 | 1 Montferret | 1 Ferret | 2026-04-07 | 8.1 High |
| Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those filenames to construct output paths (a standard scraping pattern), the attacker controls both the destination path and the file content. This can lead to remote code execution via cron jobs, SSH authorized_keys, shell profiles, or web shells. This vulnerability is fixed in 2.0.0-alpha.4. | ||||
| CVE-2026-34211 | 1 Nyariv | 1 Sandboxjs | 2026-04-07 | 7.5 High |
| SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions (e.g., ~2000 nested parentheses), causing a RangeError: Maximum call stack size exceeded that terminates the process. This vulnerability is fixed in 0.8.36. | ||||
| CVE-2026-34148 | 1 Fedify | 2 Fedify, Vocab-runtime | 2026-04-07 | 7.5 High |
| Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or visited-URL loop detection. An attacker who controls a remote ActivityPub key or actor URL can force a server using Fedify to make repeated outbound requests from a single inbound request, leading to resource consumption and denial of service. This vulnerability is fixed in 1.9.6, 1.10.5, 2.0.8, and 2.1.1. | ||||
| CVE-2026-22664 | 1 F | 1 Prompts.chat | 2026-04-07 | 7.7 High |
| prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL validation to disclose the FAL_API_KEY in the Authorization header, enabling credential theft, internal network probing, and abuse of the victim's Fal.ai account. | ||||
| CVE-2026-35170 | 1 Trabucayre | 1 Openfpgaloader | 2026-04-07 | 7.1 High |
| openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in BitParser::parseHeader() that allows out-of-bounds heap memory access when parsing a crafted .bit file. No FPGA hardware is required to trigger this vulnerability. | ||||
| CVE-2026-35021 | 1 Anthropic | 2 Claude Agent Sdk For Python, Claude Code | 2026-04-07 | 7.8 High |
| Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $() or backtick expressions into file paths that are interpolated into shell commands executed via execSync. Although the file path is wrapped in double quotes, POSIX shell semantics (POSIX §2.2.3) do not prevent command substitution within double quotes, allowing injected expressions to be evaluated and resulting in arbitrary command execution with the privileges of the user running the CLI. | ||||
| CVE-2026-5707 | 1 Aws | 1 Research And Engineering Studio | 2026-04-07 | 8.8 High |
| Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment. | ||||
| CVE-2026-5708 | 1 Aws | 1 Research And Engineering Studio | 2026-04-07 | 8.8 High |
| Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with AWS resources and services via a crafted API request. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment. | ||||
| CVE-2026-5685 | 1 Tenda | 1 Cx12l | 2026-04-07 | 8.8 High |
| A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-5709 | 1 Aws | 1 Research And Engineering Studio | 2026-04-07 | 8.8 High |
| Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment. | ||||
| CVE-2026-5690 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-07 | 7.3 High |
| A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. | ||||